EMEA Cloud Computing Competence Centre
NEC CLOUD STORAGE
SOLUTION DESCRIPTION
<CARRIER>
EMEA Cloud Computing Competence Centre
TABLE OF CONTENTS
1
PRODUCT DESCRIPTION ........................................................................................................ 3
2
PRODUCT FEATURES .............................................................................................................. 6
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.8
3
USER ROLES ............................................................................................................................... 8
3.1
3.2
4
USER ADMINISTRATOR PORTAL ............................................................................................. 9
USER PORTAL .......................................................................................................................... 9
CLIENT APPLICATIONS ........................................................................................................ 11
4.1
4.2
5
FILE MANAGEMENT ................................................................................................................ 6
MULTIPLE DOWNLOAD/UPLOAD ............................................................................................ 6
MAILET.................................................................................................................................... 7
SHARING FOLDERS .................................................................................................................. 7
SHARED FILES EDITING ........................................................................................................... 8
SHARED FILE URL................................................................................................................... 8
INDIVIDUAL SHARING CONFIGURATION (COMMENTS, PERMISSIONS)..................................... 8
FILE EXPIRATION CONFIGURATION ........................................................................................ 8
PC CLIENT ............................................................................................................................. 11
MOBILE CLIENTS ................................................................................................................... 15
CLOUD STORAGE ARCHITECTURE .................................................................................. 16
5.1
5.2
1.1
1.2
REFERENCE PHYSICAL ARCHITECTURE ................................................................................ 16
REFERENCE LOGICAL ARCHITECTURE .................................................................................. 17
BACKEND STORAGE .............................................................................................................. 18
SECURITY .............................................................................................................................. 19
2
EMEA Cloud Computing Competence Centre
1 PRODUCT DESCRIPTION
NEC Cloud Storage is a carrier oriented online storage platform integrated with multiple fixed
and mobile devices for ubiquitous information access.
With NEC Cloud Storage, companies no longer need to care where the data is physically
located neither from which device it is accessed: all you need to know is what information
you want and you get it transparently. Totally integrated with Windows folders (the new
storage unit in the cloud appears as if local), and where Cloud Storage uses its small internal
memory as a cache, so that the most common files are available even without coverage or
access to the Internet. It’s a unique virtual storage service (in the network) allows you to
have a share space available with your employees, customers and providers, and in addition
have your own private space to store your personal information. With the so called network
disk you will have available a private storage space and a shared one. Everything you store
will be automatically synchronized between your device and in the cloud.

Have a private and shared storage space. Everything you store there will be
available on your local device (PC, Mobile, Tablet) and "the cloud" so you can access
it from any computer connected to the Internet.

All the information is point to point encrypted. If you lose your device no one will be
able to access your files and you’ll be able to restore the information within minutes
from the cloud.

Get access to Value Added Services such as Mailet, sharing with people inside and
outside Cloud Storage, etc.
3
EMEA Cloud Computing Competence Centre
Main Benefits of NEC Cloud Storage:

Mobile storage expanded to the Cloud

Multi device Support: PC, Mobile (iOS, Android), Web.

Secure Storage on PC, Mobile & Cloud

Incremental revenues from additional space allocated on-the-flight

Tight the users to the operator reducing churn

Offline most used content availability (My favorites)

Secure document sharing within a company or with external users

Fully integrated with operators backend/billing systems

Files seamlessly synchronized to the cloud

Remotely administrated by the operator/company IT department
NEC Cloud Storage allows seamless and secure data synchronization among all end user
devices such as smartphones, tablets, PCs and the Cloud. With NEC Cloud Storage,
companies no longer need to care where the data is physically located neither from which
device it is accessed: all you need to know is what information you want and you get it
transparently.
Totally integrated with Windows folders (the new storage unit in the cloud appears as if local),
and where Cloud Storage uses its small internal memory as a cache, so that the most
common files are available even without coverage or access to the Internet.
It’s a unique virtual storage service (in the network) allows you to have a share space
available with your employees, customers and providers, and in addition have your own
private space to store your personal information.
With the so called network disk you will have available a private storage space and a shared
one. Everything you store will be automatically synchronized between your device and in the
cloud.
Some features included are:
4
EMEA Cloud Computing Competence Centre
 Have a private and shared storage space. Everything you store there will be
available on your local device (PC, Mobile, 3G modem) and "the cloud" so you can
access it from any computer connected to the Internet.
 Get more benefits than with classical memories (memory stick) because the
information is also stored in the cloud and you can recover in case of loss or theft
 All the information is point to point encrypted. If you lose your device no one will be
able to access your files and you’ll be able to restore the information within minutes
from the cloud.
NEC Cloud Storage is not only a social network for the company to share ideas, but is a
whole working environment to assign tasks, upload files, create wiki-like pages, manage
incoming emails, track time, manage permissions, etc.
NEC Cloud Storage is available as a web application for all browsers and as mobile
applications for iPhone, iPad and Android.
NEC Cloud Storage is considered extremely intuitive and easy to use by our customers.
Setting up an account takes less than 30 seconds, no training needed.
The benefits for a company using NEC Cloud Storage are:

Improved internal communication

Effortless project management through progress updates

More accountability for actions to be performed by team members

Better tracking of information exchange with customers/providers

Enriched knowledge sharing through Wiki-style pages and conversations

Higher engagement of the team members with the company

Peace of mind thanks to an strict international data privacy and security policy
5
EMEA Cloud Computing Competence Centre
2 PRODUCT FEATURES
2.1 File Management

User can upload, delete and modify files

Multi device experience: from PC to Mobile Device

User experience is native user experience (Virtual drive in PC Client)

Full integration with OS file explorer (Windows PC Client)

Compatible with all applications (Windows PC Client)

Files are automatically and seamlessly uploaded to the Cloud

Local copy of files to support off-line functioning:

On demand: User decides what files to cache (“My Favorites”)

Automatic: Most used files, most recent files

Virtual local capacity: local perceived size is not limited by the physical device
supporting the solution

User can share files within a group or company or with external users (sharing
link)

Quota definition
2.2 Multiple Download/Upload
Several files can be uploaded to the web just by a Drag&Drop action emulating Windows
experience.

Upload:
o
Possibility to select up to 1024 files at a single upload action not exceeding the
total amount of free space left.
o
Drag&Drop up to 1024 files to the Drag&Drop upload space specified in the
Folder structure environment.
o
While being uploaded each file will have a corresponding progress bar indicating
the upload status.
o
All the files will be uploaded sequentially.
6
EMEA Cloud Computing Competence Centre

Download:
o
Files/folders can be selected from the web interface to download
In case the file size is higher than the quota space left, the user will be notified on the
attempt to synchronize/upload the file. A popup window will appear specifying the reason to
block the synchronization/upload.
Whenever the file is dragged and dropped and exceed the limits, the write action to the
protected cache partition will be blocked.
2.3 Mailet
NEC Cloud Storage incorporates the possibility to allow users to upload files to their cloud
storage accounts just sending this file as an attachment to a personal cloud storage mail
account. The files sent to NEC Cloud Storage are stored by default in the root directory of
the personal folder. The file limit size is limited to 20 MB on NEC Cloud Storage side but
might be lower depending on user outgoing mail server configuration.
The user has the possibility to activate, deactivate or renew its NEC Cloud Storage mail
account (by default disabled) in the personal account tab. If the mail account is updated the
previous mail account is automatically deleted and won’t be available.
2.4 Sharing Folders
The user will be able to belong to different groups and be able to select any folder in the
personal directory and invite users (internal and external) to access the files. The sharing
capability will have the following features:

All shared folder properties are available through the Cloud Storage web interface.

The owner of the shared folder can restrict invited users rights to read or read/write.

Accepting being part of a shared folder automatically increments the storage
occupied by the user by the size of shared folder.

The owner (creator) of the shared folder can add or remove users from the folder as
well as change their access rights.

Any shared folder can receive comments and be protected with an access password.
7
EMEA Cloud Computing Competence Centre

External (unregistered) users will be able to access the folders through a protected
link, getting access to a folder navigation structure. Main folder action features will be
kept except sharing. An external user will also get a promotion link to register as new
service user.
2.5 Shared files editing
After a file or folder is shared, the user can review the shared file status and edit the sharing
options. Users in the sharing list can be added or removed.
2.6 Shared file URL
Every shared file or folder has an associated link. The link can be retrieved in the shared
files list for external access to the shared information or distribution through alternative
systems like email.
2.7 Individual sharing configuration (comments, Permissions)
While sharing a file or folder, the user can select individual permission per shared contact as
well as write individual sharing messages to each participant. This allows enough flexibility to
control profile access to the shared data as well as the possibility to set individual tasks.
2.8 File Expiration Configuration
While sharing a file or folder, the user can set up the time frame for shared link expiration.
Available time slots range from 1 hour to no expiration at all. After a file or folder is shared,
the user can update the expiration period at any time.
3 USER ROLES
NEC Cloud Storage solution has been designed for enterprise market implementing value
added services for different type of service users:

Administrator user: this user will manage the enterprise account and will set/modify the
rules of the shared folders. This user, as an example, provided with a multi device
access, will also own his personal disk space and will provide a shared folder to all users
in the same enterprise. The user will be able to access the information from multiple
devices and to download/upload files both in the private and shared space.

Standard user: this user, provided with a multi device access, will have access to a
personal disk space and also to the shared folder.
8
EMEA Cloud Computing Competence Centre
3.1 User Administrator Portal
Through this portal the administrator of the company can manage all the users inside the
organization and also the repositories associated to them

Management of users inside the organization

Reset user’s password

Check the quota of all users

Subscribe more space for himself, other users or for shared space (to be done
through the marketplace)

Recover files from user/group space trash folder.

Access activity logs and traces.
3.2 User Portal
Through this portal the user will have access to the personal data uploaded in the platform
as well as the information shared inside the company:

Personal Folder
9
EMEA Cloud Computing Competence Centre
o
The files stored in the Personal folder can only be accessed by the user.
o
Personal drive is for hosting private information however a user could share one
of its personal folders with other team members.

Group Folder
o
The group folder is accessible by all the members of the company and is
intended to flawlessly share information through a common files repository space.
o
This is similar to Network drive concept most companies use to share information
with the difference that NEC Cloud Storage can provide that service to SME
market with no need to invest in IT Infrastructure + files cache capability.
Furthermore, the user will have visibility of the personal quote status:

Capacity used

Total capacity available
User will be able to carry out the following actions through its personal account:

Upload files

Download files

Copy files

Move files

Delete files

Rename files

Share files
10
EMEA Cloud Computing Competence Centre
4 CLIENT APPLICATIONS
4.1 PC Client
Once login into the PC application there are two virtual drives (i.e. Y:\ and Z:\) mapped
against Cloud Storage:

Z:\ for personal user data

Y:\ for data shared between group members
11
EMEA Cloud Computing Competence Centre
From end user point of view Cloud Storage drives are recognized as local drives although
the drives are provisioned and managed on Cloud Storage platform.
Files copied to any of these units will be transferred to the cloud storage through the internet
connection. However if the connection is not available at this time, all the files will be stored
in the internal cache of the PC. Then, once the internet connection is available, it will be
possible to synchronize the cache when the application will be available.
All the communications between PC client and NEC Cloud Storage are secure by means of
SSL encryption.
Offline access is feasible thanks to the internal cache of the PC that allows having a local
replica of the documents stored in Cloud Storage. This cache is synchronized with the Cloud
Storage, ensuring that both repositories contain the same information.
All information stored locally on the cache will be protected by encryption (AES256).
Regarding user experience, PC client provides different icons in order to allow end user
having a quick understanding of the status of their files in the Cloud Storage:

Green
Files with this mark are stored on local cache of your client PC and already synchronized to
the storage in Cloud Storage platform.
12
EMEA Cloud Computing Competence Centre

Yellow
Files with this mark have been synchronized to the storage in Cloud Storage platform, but
not kept on local cache. Once those are clicked, files are downloaded to local cache, and
yellow marks turn to the green mark.

Blue
Files with this mark are copied on Cloud Storage folders on local PC, and pending to be
synchronized to the storage in Cloud Storage platform. Once a user connects to the internet,
files are synchronized to cloud and the mark turns to the green mark.

Red
Files with this mark have been synchronized to the storage in Cloud Storage platform, but
not kept on local cache. When a user is offline, the red mark shows that it is not available to
be downloaded.
The user can manually select which files should always be available in the cache, ensuring
their availability even offline. To do this, user only needs to mark using properties menu of
the file:
13
EMEA Cloud Computing Competence Centre
The remaining space in the cache is managed by the application, which has the function
Smart Cache (the space is limited by the size of the local disk when the user is using the
application).
The user can identify which files/folders want to share with others inside and outside of his
company (it is possible to share files with people without the service through web link). In the
properties menu of the file appears the “cloud share with” to define the settings of the
sharing. Selecting this option displays an agenda with all known users; it is also possible to
define new users in the known list.

If the user sharing files is also client of Cloud Storage, in their personal area it will
appear a folder called “shared folder” where he/she can find the files. This shared
folder do not consume personal quota for the target user only consume quota of the
source user.

In case that target user does not have Cloud Storage service, will be receive an
email or sms with all the information to access the file through web interface only.
14
EMEA Cloud Computing Competence Centre
The application itself is also capable of detect versioning conflicts when several users are
modifying the same file at the same time. The user will be prompted with several options: to
keep local copy, to keep remote version or save both of them.
4.2 Mobile Clients
Smartphones have become one of the most effective business tools utilized today. For this
reason Cloud Storage provides Android and iPhone native clients that allows end customer
accessing to the information stored in the application from anywhere without storing a single
file on the phone.
15
EMEA Cloud Computing Competence Centre

Access to personal and group folder

Upload/download files

Easy to use
5 CLOUD STORAGE ARCHITECTURE
5.1 Reference Physical Architecture
16
EMEA Cloud Computing Competence Centre
TYPE
NETWORKING
COMPUTING
STORAGE
Brand
Cisco Catalyst 3560G
Cisco Nexus 2000
Firewall Fortinet (NO Mandatory)
Supermicro SuperStorage
Intel PRO/1000 PT Quad Port Server Adapter
Kingston Technology ValueRAM 64 GB Kit of 4 (4x16 GB Modules)
WD RE 4 TB Enterprise Hard Drive: 3.5 Inch, 7200 RPM, SATA III, 64 MB Cache
Intel Xeon 6C E5 2620 2.0 GHz 6 LGA
NEC Express 5800/R120d-1E (2xE5-2430, 64GB DDR3, 2xHDD 146 Gb,
Intel PRO/1000 PT quad Port )
NEC M100
QNAP 419
WD RE 4 TB Enterprise Hard Drive: 3.5 Inch, 7200 RPM, SATA III, 64 MB Cache
288TB (1xSPOC+5xEPOC)
Qty (Y2 forecast, 2014)
480TB (1xSPOC+9xEPOC)
Qty(Y3 forecast, 2015)
2 4 (or 2xWS-C3560G-48TS)
2
2
2
2
8
12
8
12
8
12
96
144
8
12
2
1
1
4
2
1
1
4
5.2 Reference Logical Architecture
The logical architecture of the solution is designed to ensure maximum scalability and
redundancy of service, distributing
The logical architecture of the solution is designed to ensure maximum scalability and
redundancy of service, distributing the service logics among different types of servers.
There are three different levels in the storage hierarchy:

Object: file to store

Container: group of objects (similar to a folder)
17
EMEA Cloud Computing Competence Centre

Account: user or group of users of the service that have one or more associated
containers.
There are four types of logical services: Proxy Server, Object Server, Account Server and
Container Server.

Proxy Server: This element is responsible for unifying the elements of the
architecture OpenStack Swift. For each request, it is responsible for identifying the
account and the container of the required object, then it will route the request to the
appropriate server.

Container Server: The main function of this service is to manage lists of items in a
container and know what object server is physically storing them. The lists are stored
persistently in a local database, and replicated on different Container Servers in the
cluster.

Account Server: this server manages the list of containers associated to each
account.
To ensure that the system remains consistent even in times of incidents, as temporary
network outages or failures of disks, the architecture allows defining a replication procedure.
The replication process compares local data with each remote copy to ensure that all nodes
contain the latest version. The system maintains at least 3 copies of an object in the system,
hosted on different servers and / or physical disks. The Proxy Server is responsible for
routing the request.
OpenStack Object Store has a full API based on HTTP / REST enabling management of
objects, containers and accounts.
1.1 Backend Storage
NEC Cloud Storage is based on an open architecture that allows the massive growth of the
service to reach levels of petabytes redundantly, using clusters to ensure optimal
performance with maxi-mum redundancy of stored information.
NEC Cloud Storage is based on the OpenStack Object Store solution (Swift), originally
developed by NASA and currently supported by leading companies like NEC, Citrix,
Microsoft, Dell, Cisco, etc.
18
EMEA Cloud Computing Competence Centre
Some of the largest providers of public Cloud services such as Rackspace (involved in the
original design of the solution) use OpenStack in their production systems.
The design of Open Stack Object Store is based on the decentralization of control: the
absence of a central management point provides greater scalability, redundancy and
performance. The files are written concurrently on multiple servers in the datacenter.
OpenStack software takes care of the in-tegrity of the data inside of datacenter.
It is 100% software solution and HW independent allowing the usage of low level servers,
reducing the operating costs of the platform.
1.2 Security
The logical application manages the encryption of local data. For data encryption it uses
AES256 symmetric encryption algorithm.
The encryption key used for each user is randomly generated at the time of download of the
user. The PC will store a copy of the encryption key; this key is also encrypted and only the
user can use it.
When files are copied to the server, the process is double protected: the file is sent with
AES256 encryption (as it is stored) and the transmission is encrypted using HTTPS protocol
(SSL). Open Stack also allows encryption the information at physical level. This will prevent
a malicious administrator or super-user from accessing information stored on the server.
The database keeps a copy of the encryption key for each user; all of them are protected
with the encrypted service key. Thus, it allows the service administrator to restore the key in
case of physical loss of device.
A similar security policy is implemented for the shared files among users inside the company.
In this case, the key is created at the time of company download. This encryption key will be
copied on the devices (PC/Mobile/SD card) and will be protected by the same encryption
scheme defined above. This makes it possible to implement a closed loop of information
between members of a company.
There is a third possible use case, meaning the sharing of personal or business files with
users of other companies. In this case, a gateway server is responsible for transforming the
encryption of files (decrypting with original key and encrypting with target key) or delete it (in
case that the target of the file it is a user/company that does not have an encryption key) .
19
EMEA Cloud Computing Competence Centre
The original deployment of user/company keys generated in the server is performed
automatically using WebService over HTTPS and the authentication is based in the user
credential.
20